
Could you recommend a good password manager?



I'll second nilved's suggestion of KeePass. The database is encrypted and stored on the local machine. I currently use Syncthing to share it between my devices.


Likewise, I'm very happy with this exact setup after coming from a mix of memorized passwords and site-dependent password-generation schemes.

I'm on Mac and found KeePassX to be a better solution than the original KeePass; it's much lighter weight. My only hope is that KeePassX gets browser integration at some point via keepasshttp - https://www.keepassx.org/dev/issues/91


Ah, KeePassHTTP would be lovely on Android, too, but I'll live with temporarily stashing the passwords in my clipboard for the time being.


Try LastPass.


I like KeePass and use it daily.


I use KeePass as well, and have had no problems using SpiderOak to securely sync my password database across devices.

(Though I've heard noises recently about KeePass's .kdbx file format having some known vulnerabilities. Anyone else heard this, or have more details?)


From what I've heard, people are generally just concerned that the database is not authenticated whatsoever, and so a malicious actor can modify your database (particularly if it's hosted on Dropbox, etc.).

This doesn't seem like a particularly scary vulnerability, but one scenario that was brought up (though I'm not 100% convinced) is that a malicious actor can corrupt the password for one website, leading you to change the password.

I dunno, don't see it as a huge vulnerability, but I do agree there is little reason for such a database not to be authenticated.
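
What "authenticated" means for a synced database file, as an added example that is not part of the thread and not KeePass's or any real product's format: an HMAC keyed from the master password covers the header and the encrypted body, and is checked before anything is decrypted. The `DEMO` container layout, the function names and the `b"mac"` key label are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"DEMO"      # constructed container tag, not a real file format
HEADER_LEN = 24      # magic (4) + KDF rounds (4) + salt (16)
TAG_LEN = 32         # HMAC-SHA256 output size
MAX_ROUNDS = 10_000_000  # the header is read before it is verified, so bound it


def _mac_key(password: bytes, salt: bytes, rounds: int) -> bytes:
    # Authentication key derived from the master password; the b"mac" label
    # keeps it distinct from whatever key encrypts the database body.
    return hashlib.pbkdf2_hmac("sha256", password, salt + b"mac", rounds)


def seal(password: bytes, ciphertext: bytes, rounds: int = 600_000) -> bytes:
    """Return header || ciphertext || tag, with the tag covering both."""
    salt = os.urandom(16)
    header = MAGIC + struct.pack(">I", rounds) + salt
    key = _mac_key(password, salt, rounds)
    tag = hmac.new(key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def open_sealed(password: bytes, blob: bytes) -> bytes:
    """Return the ciphertext only if header and body are unmodified."""
    if len(blob) < HEADER_LEN + TAG_LEN or blob[:4] != MAGIC:
        raise ValueError("not a sealed database")
    rounds = struct.unpack(">I", blob[4:8])[0]
    if not 1 <= rounds <= MAX_ROUNDS:
        raise ValueError("implausible KDF parameters")
    key = _mac_key(password, blob[8:HEADER_LEN], rounds)
    expected = hmac.new(key, blob[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(blob[-TAG_LEN:], expected):
        raise ValueError("database failed authentication")
    return blob[HEADER_LEN:-TAG_LEN]


def is_intact(password: bytes, blob: bytes) -> bool:
    try:
        open_sealed(password, blob)
        return True
    except ValueError:
        return False
```

With this check in place, a copy altered while it sits on a sync service is rejected at load time instead of being decrypted into a silently corrupted entry.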


I like Password Safe (https://www.schneier.com/passsafe.html), although I do wish that it used AES-256, SHA-384 &c.




